True, but this implies that everyone should just use what's free so it can all be the same, even if the standard has many years-long unfixed bugs and is unresponsive to community fixes. I'm glad it's come to a head if it gets rid of a false sense of security.
Totally agree. I love what LibreSSL is doing, and my great hope from this effort is that Google's people will port LibreSSL PROPERLY onto Linux. That is critical for the parts where OpenBSD clearly states that the underlying OS must provide key pieces like random number generation, but the implementation must be done right and is often done poorly in initial ports.
I'm hopeful for that, too. Many of the qualms with the preliminary LibreSSL ports revolve around (IIRC) the lack of exploit mitigation features in the operating systems being ported to; perhaps a proper port would be yet another encouragement for those features to be implemented in non-OpenBSD unixen (given that - from what I understand - both FreeBSD and Linux already have the code to support those features, and just need them to be enabled)?